Specific tools for the management and prevention of the risk of corruption have long been in place within the Bank. The internal regulatory sources that enable to mitigate this risk may be traced back to:

the Intesa Sanpaolo Group’s Code of Ethics

the Group's Internal Code of Conduct

the Organisation, Management and Control Model pursuant to Legislative Decree 231/01

In addition to these documents, an internal regulatory framework is provided which regulates in detail the business processes potentially instrumental to the commission of crimes of corruption.

With regard to the Organisation, Management and Control Model pursuant to Legislative Decree 231/01, in November 2017, the Board of Directors approved the update of Intesa Sanpaolo’s Model, mainlyattributable to changes in external regulations and the adoption of the Group Anti-Corruption Guidelines. In March 2017, the Board of Directors approved the Group's Anti-Corruption Guidelines, which identify the principles and the sensitive areas and define the roles, responsibilities and macro-processes for the management of this risk, further strengthening an internal regulatory framework. The Guidelines define the commitment to comply with the regulatory provisions aimed at combating corruption in all its forms. In line with international and domestic best practices, the Group does not tolerate: any type of corruption and any conduct involving the offer or acceptance of money or other benefits – directly or indirectly – with theaim of inducing or rewarding the performance of a function/activity or its omission. The responsibility for control in this area is assigned to the Anti-Money Laundering Head Office Department and its Manager is allocated the role of Group Anti-Corruption Officer. During the year, the Anti-Money Laundering Head Office Department assessed 172 transactions in the highest risk areas and in July 2017, specific training was provided on the strengthening of the Group's anti-corruption controls during a meeting between the Management Control Committee, the Surveillance Body (SB) of Intesa Sanpaolo and the Boards of Statutory Auditors/SBs of the Subsidiaries. To provide the Surveillance Body with an overall picture of the planning of second-level (compliance, anti-money laundering, administrative/financial governance) and third-level (internal audit) controls, the Compliance department collects the respective plans from the relevant Structures on an annual basis regarding the scheduled supervision of sensitive areas and incorporates them into the 231 Audit Plan. On the basis of this document, the Surveillance Body assesses the adequacy of the programme of audits on individual sensitive company activities and identifies any further actions needed to strengthen the audit plans.

Furthermore, Group's policies do not allow sponsorships or donations in favour of political parties and movements and their organizational structures.